General

  • Target

    fefa0aa8217716ecbfd713cfa47f29cee5b4a7c4e4b2968680a5faa77a2b23c5

  • Size

    392KB

  • Sample

    221126-2n9qvaec5z

  • MD5

    0fbecec65bdc3e58a3604c015f24e3d1

  • SHA1

    d4a0b4b628768d2ad970c69c661bcd7f174c76b0

  • SHA256

    fefa0aa8217716ecbfd713cfa47f29cee5b4a7c4e4b2968680a5faa77a2b23c5

  • SHA512

    30397c4aa49b62905db894b2abaf911fda73391af9969e713b5bdc10a78f78591a711c2de2b6a96745ef7ae94e18020dc95c2a6b301633e58893c185949e9df0

  • SSDEEP

    12288:ZQB0GnWtil+1pcuVhbNrSqEw6tXLMRWgG:KVnWtRb/hxrQZMRW7

Malware Config

Targets

    • Target

      fefa0aa8217716ecbfd713cfa47f29cee5b4a7c4e4b2968680a5faa77a2b23c5

    • Size

      392KB

    • MD5

      0fbecec65bdc3e58a3604c015f24e3d1

    • SHA1

      d4a0b4b628768d2ad970c69c661bcd7f174c76b0

    • SHA256

      fefa0aa8217716ecbfd713cfa47f29cee5b4a7c4e4b2968680a5faa77a2b23c5

    • SHA512

      30397c4aa49b62905db894b2abaf911fda73391af9969e713b5bdc10a78f78591a711c2de2b6a96745ef7ae94e18020dc95c2a6b301633e58893c185949e9df0

    • SSDEEP

      12288:ZQB0GnWtil+1pcuVhbNrSqEw6tXLMRWgG:KVnWtRb/hxrQZMRW7

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

6
T1112

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Tasks